Open arpu opened 2 years ago
Found some more info on this problem: https://github.com/rails/rails/pull/42231
It looks like a devise issue, right? I'll keep it open until it's fixed on their end. Thanks for the references.
@arpu I ran into the exact same problem and I found for me it seemed to be related to the :timeoutable module being included in the devise method in the model. I just removed :timeoutable and then the error didn't happen any more.
Hey @russellbrown can you point me to the code line?
@arpu Sure, I just removed :timeoutable from the model I'm authenticating (in my case User):
class User < ApplicationRecord
  devise :database_authenticatable, :recoverable, :rememberable, :validatable, :lockable, :trackable, :timeoutable, :jwt_authenticatable, jwt_revocation_strategy: self
end
... and the error disappeared. I had only included :timeoutable as standard based on previous projects but I realised JWT expires the tokens anyway so I didn't really need Devise's implementation.
Hope that helps!
@russellbrown I don't have :timeoutable included, however I'm still getting this error. This is what my user model looks like:
class User < ApplicationRecord
  devise :database_authenticatable, :registerable,
         :recoverable, :rememberable, :validatable,
         :jwt_authenticatable,
         jwt_revocation_strategy: JwtDenylist
end
Any thoughts here? Thanks
@cchoi94 Oh ok, I don't know then, I just know it worked for me. What if you try removing rememberable? It uses cookies so that may also be causing the sessions issue. I know I had rememberable in my devise method but I also override devise's SessionsController so that may have bypassed it.
@russellbrown thanks for getting back. Apologies, I ended up moving ahead and although this is not a solution, I got everything to behave correctly by downgrading my rails to v6 rather than v7.
On another note, I also just changed my working device to an m1 pro, so not sure if the shift in devices may be a contributor to the issue.
@russellbrown @cchoi94 seems that you have moved on, but got my session storage to work on 7.0.2.4 by putting following code in config/application.rb
(https://www.youtube.com/watch?v=PqizV5l1yFE @ 10:40 (references following ruby documentation: https://api.rubyonrails.org/v6.0.3.3/classes/ActionDispatch/Session/CookieStore.html#method-c-new))
config.session_store :cookie_store, key: '_interslice_session'
config.middleware.use ActionDispatch::Cookies
config.middleware.use config.session_store, config.session_options
@russellbrown @cchoi94 seems that you have moved on, but got my session storage to work on 7.0.2.4 by putting following code in config/application.rb
(https://www.youtube.com/watch?v=PqizV5l1yFE @ 10:40 (references following ruby documentation: https://api.rubyonrails.org/v6.0.3.3/classes/ActionDispatch/Session/CookieStore.html#method-c-new))
config.session_store :cookie_store, key: '_interslice_session'
config.middleware.use ActionDispatch::Cookies
config.middleware.use config.session_store, config.session_options
Thanks, this worked for me using Rails 7.0.3 and Ruby 3.1.1
ActionDispatch::Request::Session::DisabledSessionError (Your application has sessions disabled. To write to the session you must first configure a session store):
app/controllers/admin/sessions_controller.rb:16:in `create'
same error after also session configuration in application.rb
@russellbrown @cchoi94 seems that you have moved on, but got my session storage to work on 7.0.2.4 by putting following code in config/application.rb
(https://www.youtube.com/watch?v=PqizV5l1yFE @ 10:40 (references following ruby documentation: https://api.rubyonrails.org/v6.0.3.3/classes/ActionDispatch/Session/CookieStore.html#method-c-new))
config.session_store :cookie_store, key: '_interslice_session'
config.middleware.use ActionDispatch::Cookies
config.middleware.use config.session_store, config.session_options
Workaround if you do not want to enable session_store and set it to cookie:
module RackSessionFix
  extend ActiveSupport::Concern
  class FakeRackSession < Hash
    def enabled?
      false
    end
  end
  included do
    before_action :set_fake_rack_session_for_devise
    private
    def set_fake_rack_session_for_devise
      request.env['rack.session'] ||= FakeRackSession.new
    end
  end
end
class RegistrationsController < Devise::RegistrationsController
  include RackSessionFix
  ...
end
@russellbrown @cchoi94 seems that you have moved on, but got my session storage to work on 7.0.2.4 by putting following code in config/application.rb
(https://www.youtube.com/watch?v=PqizV5l1yFE @ 10:40 (references following ruby documentation: https://api.rubyonrails.org/v6.0.3.3/classes/ActionDispatch/Session/CookieStore.html#method-c-new))
config.session_store :cookie_store, key: '_interslice_session'
config.middleware.use ActionDispatch::Cookies
config.middleware.use config.session_store, config.session_options
Thanks, this worked for me using Rails 7.0.3 and Ruby 3.1.1
Bro, I've run into this thing too; why can't I reach you on the phone, brother?
@russellbrown @cchoi94 seems that you have moved on, but got my session storage to work on 7.0.2.4 by putting following code in config/application.rb
(https://www.youtube.com/watch?v=PqizV5l1yFE @ 10:40 (references following ruby documentation: https://api.rubyonrails.org/v6.0.3.3/classes/ActionDispatch/Session/CookieStore.html#method-c-new))
config.session_store :cookie_store, key: '_interslice_session'
config.middleware.use ActionDispatch::Cookies
config.middleware.use config.session_store, config.session_options
Thanks, this worked for me using Rails 7.0.3 and Ruby 3.1.1
Bro, I've run into this thing too; why can't I reach you on the phone, brother?
This one worked for me by inserting as follows:
module ExpertTowing
  class Application < Rails::Application
    config.session_store :cookie_store, key: '_interslice_session'
    config.middleware.use ActionDispatch::Cookies
    config.middleware.use config.session_store, config.session_options
    config.api_only = true
  end
end
This worked for me
config.session_store :cookie_store, key: '_interslice_session'
config.middleware.use ActionDispatch::Cookies
config.middleware.use config.session_store, config.session_options
config.api_only = true
Hi, I am facing this error
Minitest::UnexpectedError: ActionDispatch::Request::Session::DisabledSessionError: Your application has sessions disabled. To write to the session you must first configure a session store
in testing environment. I am trying to do a simple assertion like
test "should get index" do
  sign_in users(:one)
  get movies_url, as: :json
  assert_response :success
end
but even having both workarounds (the one in application.rb and the other having RackSessionFix.rb) is not working.
Any ideas? Thanks.
@russellbrown @cchoi94 seems that you have moved on, but got my session storage to work on 7.0.2.4 by putting following code in config/application.rb
(https://www.youtube.com/watch?v=PqizV5l1yFE @ 10:40 (references following ruby documentation: https://api.rubyonrails.org/v6.0.3.3/classes/ActionDispatch/Session/CookieStore.html#method-c-new))
config.session_store :cookie_store, key: '_interslice_session'
config.middleware.use ActionDispatch::Cookies
config.middleware.use config.session_store, config.session_options
This also worked for me. I am using Ruby "3.1.2" and Rails "7.0.4"
In case anyone else is struggling with this, you don't need to do any temp patching or enable cookie store/session store.
This worked for me
config.session_store :cookie_store, key: '_interslice_session'
config.middleware.use ActionDispatch::Cookies
config.middleware.use config.session_store, config.session_options
config.api_only = true
The above could lead to a potential bug when looking at the current_user, as the session will only persist the last user that logged in and not the bearer token's user. (ie: link a service provider to a user)
class CurrentUserController < ApplicationController
  before_action :authenticate_user!
  def index
    render json: current_user, status: :ok # <---- should only return the auth user not the last user that devise called sign_in
  end
end
# application.rb
config.session_store :disabled
class Users::RegistrationsController < Devise::RegistrationsController
  protected
  def sign_up(resource_name, resource)
    # bypass the session store on the default implementation
    sign_in resource, store: false # <------- THIS
  end
end
You can pretty much call sign_in :user, store: false anywhere you need and it will properly work, just don't forget to let devise know it should transmit the JWT in the header for your custom auth route
for example:
class API::V1::NextAuthController < ApplicationController
  def handle_auth(kind)
    if service.present?
      service.update(service_attributes)
    else
      user.services.create(service_attributes)
    end
    sign_in @user, store: false # <----- THIS
  end
end
# devise.rb
jwt.dispatch_requests = [
  ["POST", %r{^/login$}],
  ["POST", %r{^/api/v1/nextauth$}]
]
Hopefully this saves people some time in the future
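Added example, not part of the comment above and not Devise or Warden code: a simplified pure-Ruby model of the lookup order that comment describes, in which a user already stored in the session is returned before the bearer token is examined. ToyAuth, TOKENS, resolve_after_signup and the sample users are constructed for illustration.

```ruby
# Toy model of a Warden-style lookup order (constructed, hypothetical names).
class ToyAuth
  # Constructed sample tokens mapping a bearer token to its user.
  TOKENS = { "token-alice" => "alice", "token-bob" => "bob" }.freeze

  def initialize(store:)
    @store = store
  end

  # Like sign_in(resource, store: ...): write the user to the session only when storing.
  def sign_in(session, user)
    session["user_id"] = user if @store
    user
  end

  # Like authenticate_user!: a user already in the session is returned first;
  # the bearer-token strategy runs only when the session holds no user.
  def current_user(session, headers)
    return session["user_id"] if session.key?("user_id")

    token = headers["Authorization"].to_s[/\ABearer (\S+)\z/, 1]
    TOKENS[token]
  end
end

# One client (one cookie jar) signs up as alice, then sends the given header.
def resolve_after_signup(store:, authorization:)
  auth = ToyAuth.new(store: store)
  session = {} # stands in for the cookie-backed session
  auth.sign_in(session, "alice")
  auth.current_user(session, { "Authorization" => authorization })
end
```

With store: true the request carrying bob's token, or an invalid token, still resolves to alice; with store: false the token alone decides.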
@russellbrown @cchoi94 seems that you have moved on, but got my session storage to work on 7.0.2.4 by putting following code in config/application.rb
(https://www.youtube.com/watch?v=PqizV5l1yFE @ 10:40 (references following ruby documentation: https://api.rubyonrails.org/v6.0.3.3/classes/ActionDispatch/Session/CookieStore.html#method-c-new))
config.session_store :cookie_store, key: '_interslice_session'
config.middleware.use ActionDispatch::Cookies
config.middleware.use config.session_store, config.session_options
This works for me. Thx ! Any news about an official fix ?
I came late to the party, but I found @Dujota's solution being cleaner, and I found a way to centrally configure store: false, instead of overwriting each method separately that might need it:
# config/initializers/devise.rb
Devise.setup do |config|
  # ... other config
  config.warden do |warden|
    warden.scope_defaults :user, store: false # <---- This will use the config even if it's not passed to the method opts
    warden.scope_defaults :admin, store: false # <---- You need to configure it for each scope you need it for
    # you might also want to overwrite the FailureApp in this section
  end
end
This way you don't need to hack the session store in rack, it's enough to disable it altogether (if you don't use an api_only application already):
# config/application.rb
module YourApp
  class Application < Rails::Application
    # ... other config
    config.session_store :disabled
  end
end
@Dujota / @janospapp 's solution also worked for me.
It was enough to add...
config.warden do |warden|
  warden.scope_defaults :user, store: false
end
... into config/initializers/devise.rb and the error went away and I was able to successfully sign_in / sign_out.
Hi, I am facing this error
Minitest::UnexpectedError: ActionDispatch::Request::Session::DisabledSessionError: Your application has sessions disabled. To write to the session you must first configure a session store
in testing environment. I am trying to do a simple assertion like
test "should get index" do
  sign_in users(:one)
  get movies_url, as: :json
  assert_response :success
end
but even having both workarounds (the one in application.rb and the other having RackSessionFix.rb) is not working.
Any ideas? Thanks.
I am also facing this issue. My development server does not throw any issues and works as expected when running the app using this addition to the application.rb:
config.session_store :cookie_store, key: '_interslice_session'
config.middleware.use ActionDispatch::Cookies
config.middleware.use config.session_store, config.session_options
config.api_only = true
but when running rspec, my tests still seem to face the session problem:
Api::V1::Rooms PUT /rooms/:id when valid doesn't clear rates when its not present
Failure/Error: put "/api/v1/rooms/#{room.id}", headers: user_creation[:auth_headers], params: {}
ActionDispatch::Request::Session::DisabledSessionError:
Your application has sessions disabled. To write to the session you must first configure a session store
By the way, here's a link to the Rails docs regarding session.
I've also run rails middleware for ENV=development and ENV=test to confirm that the session is included on test:
Even viewing the config while breakpointed in a test it block shows me the session should be enabled:
Anyone have any tips?
Update: Eventually, I ended up narrowing the issue down to sign_in user which I was doing to create an authenticated user before calling the API in Integration tests. Removing that line wasn't actually needed and my tests are passing now.
For some reason, neither
Devise.setup do |config|
  ...
  config.warden do |manager|
    manager.scope_defaults :user, store: false
  end
  ...
end
nor
module HasRackSession
  extend ActiveSupport::Concern
  class FakeRackSession < Hash
    def enabled?
      false
    end
  end
  included do
    before_action :set_fake_rack_session_for_devise
    private
    def set_fake_rack_session_for_devise
      p "\n\n Hello \n\n"
      request.env["rack.session"] ||= FakeRackSession.new
    end
  end
end
work for me until I changed the navigational_formats inside Devise's config
Devise.setup do |config|
  ...
  config.navigational_formats = []
  ...
end
I don't even know what this does. Would someone have an idea?
It seems that I had a problem with production environment due to the replica database because when I commented the following lines the problem disappeared:
# DB Replica
config.active_record_uses_replica_for_reading = true
config.active_record.database_selector = { delay: 2.seconds }
config.active_record.database_resolver = ActiveRecord::Middleware::DatabaseSelector::Resolver
config.active_record.database_resolver_context = ActiveRecord::Middleware::DatabaseSelector::Resolver::Session
What worked for me was to change the order of the middleware like mentioned here like this:
config.api_only = true
config.session_store :cookie_store, key: "_interslice_session"
config.middleware.insert_before Rack::Head, ActionDispatch::Session::CookieStore, config.session_options
config.middleware.insert_before ActionDispatch::Session::CookieStore, ActionDispatch::Cookies
I hope it helps.
This worked for me by adding this line config.navigational_formats = [] in devise.rb
@russellbrown @cchoi94 seems that you have moved on, but got my session storage to work on 7.0.2.4 by putting following code in config/application.rb
(https://www.youtube.com/watch?v=PqizV5l1yFE @ 10:40 (references following ruby documentation: https://api.rubyonrails.org/v6.0.3.3/classes/ActionDispatch/Session/CookieStore.html#method-c-new))
config.session_store :cookie_store, key: '_interslice_session'
config.middleware.use ActionDispatch::Cookies
config.middleware.use config.session_store, config.session_options
Thanks, this worked for me using Rails 7.0.3 and Ruby 3.1.1
Still a bug, but at least this solution has worked for me in an api_only app (in dev, haven't yet configured tests which looks like it may be an issue?)....
Hey,
anything i miss on the update? any hint is welcome updated from rails 6 to rails 7.01
Debugging information